This commit is contained in:
70
.drone.yml
70
.drone.yml
@@ -9,7 +9,6 @@ trigger:
|
||||
- pull_request
|
||||
|
||||
steps:
|
||||
# Проверка качества Python кода
|
||||
- name: python-lint
|
||||
image: python:3.11-slim
|
||||
commands:
|
||||
@@ -23,7 +22,6 @@ steps:
|
||||
- isort --check-only --diff . || echo "WARNING Import sorting issues found"
|
||||
- echo "SUCCESS Python checks completed"
|
||||
|
||||
# Проверка качества Frontend кода
|
||||
- name: frontend-lint
|
||||
image: node:20-alpine
|
||||
commands:
|
||||
@@ -35,7 +33,6 @@ steps:
|
||||
- npm run lint || echo "WARNING ESLint warnings found (non-blocking)"
|
||||
- echo "SUCCESS Frontend checks completed"
|
||||
|
||||
# Тестирование Backend
|
||||
- name: python-tests
|
||||
image: python:3.11-slim
|
||||
commands:
|
||||
@@ -49,7 +46,6 @@ steps:
|
||||
- push
|
||||
- pull_request
|
||||
|
||||
# Тестирование Frontend
|
||||
- name: frontend-tests
|
||||
image: node:20-alpine
|
||||
commands:
|
||||
@@ -63,7 +59,6 @@ steps:
|
||||
- push
|
||||
- pull_request
|
||||
|
||||
# Проверка безопасности Python зависимостей
|
||||
- name: python-security
|
||||
image: python:3.11-slim
|
||||
commands:
|
||||
@@ -75,7 +70,6 @@ steps:
|
||||
- bandit -r . -f json -o bandit-report.json || echo "WARNING Security issues found"
|
||||
- echo "SUCCESS Security checks completed"
|
||||
|
||||
# Проверка безопасности Frontend зависимостей
|
||||
- name: frontend-security
|
||||
image: node:20-alpine
|
||||
commands:
|
||||
@@ -85,58 +79,6 @@ steps:
|
||||
- npm audit --audit-level=moderate || echo "WARNING Security warnings found"
|
||||
- echo "SUCCESS Frontend security checks completed"
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: build-frontend
|
||||
|
||||
trigger:
|
||||
event:
|
||||
- push
|
||||
- tag
|
||||
branch:
|
||||
- main
|
||||
- master
|
||||
- develop
|
||||
|
||||
depends_on:
|
||||
- code-quality
|
||||
|
||||
steps:
|
||||
# Сборка Frontend
|
||||
- name: build-frontend
|
||||
image: node:20-alpine
|
||||
commands:
|
||||
- cd frontend
|
||||
- echo "Installing frontend dependencies..."
|
||||
- npm ci --silent
|
||||
- echo "Building frontend for production..."
|
||||
- npm run build
|
||||
- echo "Frontend build size:"
|
||||
- du -sh dist/
|
||||
- echo "SUCCESS Frontend build completed"
|
||||
volumes:
|
||||
- name: frontend-dist
|
||||
path: /drone/src/frontend/dist
|
||||
|
||||
# Сохранение артефактов Frontend
|
||||
- name: save-frontend-artifacts
|
||||
image: alpine:latest
|
||||
commands:
|
||||
- echo "Saving frontend build artifacts..."
|
||||
- tar -czf frontend-dist.tar.gz -C frontend dist/
|
||||
- ls -la frontend-dist.tar.gz
|
||||
- echo "SUCCESS Frontend artifacts saved"
|
||||
volumes:
|
||||
- name: frontend-dist
|
||||
path: /drone/src/frontend/dist
|
||||
depends_on:
|
||||
- build-frontend
|
||||
|
||||
volumes:
|
||||
- name: frontend-dist
|
||||
temp: {}
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
@@ -153,10 +95,8 @@ trigger:
|
||||
|
||||
depends_on:
|
||||
- code-quality
|
||||
- build-frontend
|
||||
|
||||
steps:
|
||||
# Сборка и публикация полного Docker образа
|
||||
- name: build-and-push
|
||||
image: plugins/docker
|
||||
settings:
|
||||
@@ -177,14 +117,11 @@ steps:
|
||||
- BUILD_DATE=${DRONE_BUILD_CREATED}
|
||||
- VCS_REF=${DRONE_COMMIT_SHA}
|
||||
- VERSION=${DRONE_TAG:-${DRONE_BRANCH}-${DRONE_BUILD_NUMBER}}
|
||||
- FRONTEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}
|
||||
- BACKEND_BUILD_HASH=${DRONE_COMMIT_SHA:0:8}
|
||||
when:
|
||||
event:
|
||||
- push
|
||||
- tag
|
||||
|
||||
# Тестирование собранного образа
|
||||
- name: test-image
|
||||
image: docker:dind
|
||||
volumes:
|
||||
@@ -205,7 +142,6 @@ steps:
|
||||
depends_on:
|
||||
- build-and-push
|
||||
|
||||
# Сканирование образа на уязвимости
|
||||
- name: scan-image
|
||||
image: aquasec/trivy:latest
|
||||
environment:
|
||||
@@ -216,8 +152,6 @@ steps:
|
||||
commands:
|
||||
- echo "Scanning image for vulnerabilities..."
|
||||
- trivy image --exit-code 0 --severity HIGH,CRITICAL --format table --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8}
|
||||
- echo "Generating detailed security report..."
|
||||
- trivy image --format json --output trivy-report.json --username $TRIVY_USERNAME --password $TRIVY_PASSWORD registry.nevetime.ru/mc-panel:${DRONE_COMMIT_SHA:0:8} || true
|
||||
- echo "SUCCESS Security scan completed"
|
||||
when:
|
||||
event:
|
||||
@@ -246,7 +180,6 @@ depends_on:
|
||||
- build-and-publish
|
||||
|
||||
steps:
|
||||
# Деплой на staging окружение
|
||||
- name: deploy-to-staging
|
||||
image: alpine:latest
|
||||
environment:
|
||||
@@ -284,7 +217,6 @@ depends_on:
|
||||
- build-and-publish
|
||||
|
||||
steps:
|
||||
# Деплой на production окружение
|
||||
- name: deploy-to-production
|
||||
image: alpine:latest
|
||||
environment:
|
||||
@@ -321,11 +253,9 @@ trigger:
|
||||
|
||||
depends_on:
|
||||
- code-quality
|
||||
- build-frontend
|
||||
- build-and-publish
|
||||
|
||||
steps:
|
||||
# Уведомления о результатах сборки
|
||||
- name: notify-telegram
|
||||
image: appleboy/drone-telegram
|
||||
settings:
|
||||
|
||||
Reference in New Issue
Block a user